Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security][Detection rules] Pull in rule updates from v0.13.1 update #103695

Merged
merged 2 commits into from
Jun 29, 2021
Merged

[Security][Detection rules] Pull in rule updates from v0.13.1 update #103695

merged 2 commits into from
Jun 29, 2021

Conversation

rw-access
Copy link
Contributor

Summary

Closes #102146

As of #101846, the rules were updated for 7.x and master to match the the Fleet package "Prebuilt Security Detection Rules" @ v0.13.1 (release notes). In that update, we fixed the ML jobs to use underscores instead of hyphens.

This pulls in that same rule update. Should be 41 updated rules and 4 new rules.

@rw-access rw-access added release_note:skip Skip the PR/issue when compiling release notes Feature:Detection Rules Anything related to Security Solution's Detection Rules Team:Detections and Resp Security Detection Response Team v7.13.3 labels Jun 29, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

brokensound77
brokensound77 approved these changes Jun 29, 2021
View reviewed changes
Copy link
Contributor

@brokensound77 brokensound77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@spong
Copy link
Member

spong commented Jun 29, 2021

This pulls in that same rule update. Should be 41 updated rules and 4 new rules.

Seeing Files changed 281 for this PR, looks like most of these extras are additional newlines being added to the query (without a version bump). Was there a change in the build pipeline that resulted in this, I don't think we need newlines at the end, no?

image

@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / general / "before all" hook for "should contain notes".Timeline notes tab "before all" hook for "should contain notes"

Link to Jenkins

Stack Trace

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

AssertionError: Timed out retrying after 60000ms: Expected to find element: `.euiBadge`, but never found it.

Because this error occurred during a `before all` hook we are skipping the remaining tests in the current suite: `Timeline notes tab`

Although you have test retries enabled, we do not retry tests when `before all` or `after all` hooks fail
    at Context.eval (http://localhost:6121/__cypress/tests?p=cypress/integration/timelines/notes_tab.spec.ts:15943:14)

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

spong
spong approved these changes Jun 29, 2021
View reviewed changes
Copy link
Member

@spong spong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Configured a 7.13.2 install with all prepackaged rules installed, then checked out locally and verified rule updates were presented (41 in this instance), successfully installed, and that the ML Rules have been updated as well. LGTM! Thanks @rw-access! 🙂

Before:

After:

ML Job Fixed:

@rw-access rw-access merged commit 9145828 into elastic:7.13 Jun 29, 2021
@rw-access rw-access deleted the detection-rules/7.13/fix-ml-job-id branch June 29, 2021 21:46
@spong spong mentioned this pull request Jun 29, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spong spong spong approved these changes

@brokensound77 brokensound77 brokensound77 approved these changes

Assignees
No one assigned
Labels
Feature:Detection Rules Anything related to Security Solution's Detection Rules release_note:skip Skip the PR/issue when compiling release notes Team:Detections and Resp Security Detection Response Team v7.13.3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@rw-access @elasticmachine @spong @kibanamachine @brokensound77